4

On the 25th May, developers must inform their users about presonalized ads served through AdMob. Google has pubblished some guidelines to be compliant: https://support.google.com/admob/answer/7666519?hl=en&utm_source=aso&utm_medium=link&utm_campaign=ww-ww-et-asfe_

But I don't understand well if I need to implement Google Consent SDK to pick and store consent, or if I can make my own implementation to ask a consent.

If I undestand well I can ask for a consent in any way, but I should notify AdMob (through ad request) if the user does not agree with personalized ads, right?

Is there something more that developers should know about?

Philip
  • 771
  • 1
  • 9
  • 24

1 Answers1

4

You don't have to use the Consent SDK. (I don't use it, because I show the whole data privacy policy with all the information needed at startup where the user have to opt-in). You can make your own implementation and send the result personalized or not via AdRequest: https://developers.google.com/admob/android/eu-consent#forward_consent_to_the_google_mobile_ads_sdk

You also have to save the consent anywhere (Article 7.1), see: https://www.google.com/about/company/consenthelpstaging.html

What records do I need to keep? Our policy requires that customers retain records of consent. At a minimum, these should include the text and choices presented to users as part of a consent mechanism and a record of the date and time of the user’s affirmative consent.

There are a lot of other things you have to do, but this would go beyond the scope of your question.

Bevor
  • 8,396
  • 15
  • 77
  • 141
  • Thank you, but please what do you mean with: "There are a lot of other things you have to do"? – Philip May 22 '18 at 18:49
  • @Philip I mean all this data privacy policy information you have to provide. It's very cumbersome to collect all the important information. And as I already mentioned, you need to create the infrastructure to handle the given consents (adding, deleting, modifying, consent database) – Bevor May 23 '18 at 08:25
  • Privacy Policy yes, I've already written and should be compliant with EU law. Infrastructure you mentioned (as I've understand well from the links) could be made in any way, so even a tiny local database to handle consent could be enough, right? Just because you mentioned it can you link your implementation without consent sdk just to better understand, thank you – Philip May 23 '18 at 11:50
  • @Philip Basically a local database could be enough, but keep in mind that you have to proof consent to an authority. BUT, proving to an authority can also mean to prove that the user cannot proceed as long as he doesn't accept or decline, which would be safe then too (what means that a local database is enough). Nevertheless, I have access to all consents on the server side, since I save them on server. With this strategy I'm surely on the safe side and I don't have to care about what is maybe legally correct or not. I can always prove all consents to an authority now. – Bevor May 24 '18 at 06:29